gst-plugins-rs/deny.toml

318 lines
6.6 KiB
TOML
Raw Normal View History

[advisories]
version = 2
db-path = "~/.cargo/advisory-db"
2020-11-20 08:03:52 +00:00
db-urls = ["https://github.com/rustsec/advisory-db"]
2020-06-05 09:33:13 +00:00
ignore = [
2022-01-12 15:47:47 +00:00
# Waiting for https://github.com/librespot-org/librespot/issues/937
"RUSTSEC-2021-0059",
"RUSTSEC-2021-0060",
"RUSTSEC-2021-0061",
2022-11-28 08:58:03 +00:00
"RUSTSEC-2021-0145",
2022-08-16 10:24:04 +00:00
# sodiumoxide is deprecated
# https://gitlab.freedesktop.org/gstreamer/gst-plugins-rs/-/issues/530
2022-08-16 10:24:04 +00:00
"RUSTSEC-2021-0137",
# proc-macro-error is unmaintained
# https://github.com/yanganto/test-with/issues/91
"RUSTSEC-2024-0370",
2020-06-05 09:33:13 +00:00
]
[licenses]
version = 2
allow = [
"MIT",
"BSD-2-Clause",
"BSD-3-Clause",
"ISC",
"OpenSSL",
"Zlib",
"Unicode-DFS-2016",
"Apache-2.0",
"Apache-2.0 WITH LLVM-exception",
"MPL-2.0",
]
confidence-threshold = 0.8
[[licenses.clarify]]
2022-06-21 06:44:57 +00:00
name = "ring"
version = "*"
2022-06-21 06:44:57 +00:00
expression = "OpenSSL"
license-files = [
2022-06-21 06:44:57 +00:00
{ path = "LICENSE", hash = 0xbd0eed23 }
]
2023-10-02 06:29:39 +00:00
# Allow AGPL3 from dssim-core, which is optionally used in gst-plugin-videofx
[[licenses.exceptions]]
allow = ["AGPL-3.0"]
name = "dssim-core"
version = "3.2"
# Allow LGPL 2.1 for the threadshare plugin as it includes some LGPL code
[[licenses.exceptions]]
allow = ["LGPL-2.1"]
name = "gst-plugin-threadshare"
[bans]
multiple-versions = "deny"
highlight = "all"
2020-08-10 06:51:52 +00:00
wildcards = "allow"
2021-09-11 05:45:25 +00:00
# ignore duplicated crc dependency because ffv1 depends on an old version
# https://github.com/rust-av/ffv1/issues/21
[[bans.skip]]
name = "crc"
version = "1.8"
2022-12-19 07:54:50 +00:00
# Ignore various duplicated dependencies because librespot depends on an old versions
2022-02-12 10:40:00 +00:00
[[bans.skip]]
name = "block-buffer"
version = "0.9"
[[bans.skip]]
name = "digest"
version = "0.9"
[[bans.skip]]
name = "sha-1"
version = "0.9"
2022-12-19 07:54:50 +00:00
[[bans.skip]]
name = "env_logger"
version = "0.9"
[[bans.skip]]
name = "hmac"
version = "0.11"
[[bans.skip]]
name = "zerocopy"
version = "0.6"
[[bans.skip]]
name = "zerocopy-derive"
version = "0.6"
[[bans.skip]]
name = "multimap"
version = "0.8"
[[bans.skip]]
name = "nix"
version = "0.23"
2022-02-12 10:40:00 +00:00
2022-11-28 08:58:03 +00:00
# field-offset and nix depend on an older memoffset
# https://github.com/Diggsey/rust-field-offset/pull/23
# https://github.com/nix-rust/nix/pull/1885
[[bans.skip]]
name = "memoffset"
version = "0.6"
# Various crates depend on an older version of hermit-abi
[[bans.skip]]
name = "hermit-abi"
version = "0.1"
[[bans.skip]]
name = "hermit-abi"
version = "0.3"
2023-06-30 08:12:52 +00:00
# Various crates depend on an older version of base64
[[bans.skip]]
name = "base64"
version = "0.13"
[[bans.skip]]
name = "base64"
version = "0.21"
# Various crates depend on an older version of socket2
[[bans.skip]]
name = "socket2"
version = "0.4"
# Various crates depend on an older version of bitflags
[[bans.skip]]
name = "bitflags"
version = "1.0"
# tracing-subscriber depends on an older version of regex-syntax
[[bans.skip]]
name = "regex-syntax"
version = "0.6"
# publicsuffix depends on an older version of idna
# https://github.com/rushmorem/publicsuffix/pull/39
[[bans.skip]]
name = "idna"
version = "0.3"
# Various crates depend on an older version of indexmap / hashbrown
[[bans.skip]]
name = "indexmap"
version = "1.0"
[[bans.skip]]
name = "hashbrown"
version = "0.12"
2024-06-25 07:58:56 +00:00
# various livekit dependencies depend on an old version of itertools and sync_wrapper
2023-06-27 07:58:57 +00:00
[[bans.skip]]
name = "itertools"
version = "0.11"
2024-06-25 07:58:56 +00:00
[[bans.skip]]
name = "sync_wrapper"
version = "0.1"
2023-06-27 07:58:57 +00:00
# various rav1e / dssim-core depend on an old version of itertools
[[bans.skip]]
name = "itertools"
version = "0.12"
2023-07-06 05:55:14 +00:00
# matchers depends on an old version of regex-automata
[[bans.skip]]
name = "regex-automata"
version = "0.1"
# Various crates depend on old versions of the windows crates
[[bans.skip]]
name = "windows_x86_64_msvc"
version = "0.48"
[[bans.skip]]
name = "windows_x86_64_gnullvm"
version = "0.48"
[[bans.skip]]
name = "windows_x86_64_gnu"
version = "0.48"
[[bans.skip]]
name = "windows_i686_msvc"
version = "0.48"
[[bans.skip]]
name = "windows_i686_gnu"
version = "0.48"
[[bans.skip]]
name = "windows_aarch64_msvc"
version = "0.48"
[[bans.skip]]
name = "windows_aarch64_gnullvm"
version = "0.48"
[[bans.skip]]
name = "windows-targets"
version = "0.48"
[[bans.skip]]
name = "windows-sys"
version = "0.48"
# Various crates depend on an older version of crypto-bigint
[[bans.skip]]
name = "crypto-bigint"
version = "0.4"
# livekit-api depends on an older version of tokio-tungstenite
[[bans.skip]]
name = "tokio-tungstenite"
version = "0.20"
[[bans.skip]]
name = "tungstenite"
version = "0.20"
# Various crates depend on an older version of http
[[bans.skip]]
name = "http"
version = "0.2"
# Various crates depend on an older version of heck
[[bans.skip]]
name = "heck"
version = "0.4"
# Various crates depend on an older version of hyper / reqwest / headers / etc
[[bans.skip]]
name = "hyper"
version = "0.14"
[[bans.skip]]
name = "hyper-tls"
version = "0.5"
[[bans.skip]]
name = "http-body"
version = "0.4"
[[bans.skip]]
name = "headers-core"
version = "0.2"
[[bans.skip]]
name = "headers"
version = "0.3"
[[bans.skip]]
name = "h2"
version = "0.3"
[[bans.skip]]
name = "reqwest"
version = "0.11"
[[bans.skip]]
name = "rustls-pemfile"
version = "1.0"
[[bans.skip]]
name = "winreg"
version = "0.50"
[[bans.skip]]
name = "system-configuration"
version = "0.5"
[[bans.skip]]
name = "system-configuration-sys"
version = "0.5"
# The AWS SDK uses old versions of rustls and related crates
[[bans.skip]]
name = "rustls"
version = "0.21"
[[bans.skip]]
name = "rustls-native-certs"
version = "0.6"
[[bans.skip]]
name = "rustls-webpki"
version = "0.101"
# warp depends on an older version of tokio-tungstenite
[[bans.skip]]
name = "tokio-tungstenite"
version = "0.21"
[[bans.skip]]
name = "tungstenite"
version = "0.21"
# various crates depend on an older version of system-deps
[[bans.skip]]
name = "system-deps"
version = "6"
# various crates depend on an older version of windows-sys
[[bans.skip]]
name = "windows-sys"
version = "0.52"
# derived-into-owned (via pcap-file) depends on old syn / quote
[[bans.skip]]
name = "syn"
version = "0.11"
[[bans.skip]]
name = "quote"
version = "0.3"
# dav1d depends on old system-deps which depends on old cfg-expr
[[bans.skip]]
name = "cfg-expr"
version = "0.15"
# backtrace and png depend on old miniz_oxide
[[bans.skip]]
name = "miniz_oxide"
version = "0.7"
# tokio-rustls via warp depends on old rustls
[[bans.skip]]
name = "rustls"
version = "0.22"
# aws-smithy-runtime depends on old tokio-rustls
[[bans.skip]]
name = "tokio-rustls"
version = "0.24"
[sources]
unknown-registry = "deny"
unknown-git = "deny"
allow-git = [
"https://gitlab.freedesktop.org/gstreamer/gstreamer-rs",
2021-05-14 07:47:52 +00:00
"https://github.com/gtk-rs/gtk-rs-core",
"https://github.com/gtk-rs/gtk4-rs",
2021-09-10 06:20:31 +00:00
"https://github.com/rust-av/ffv1",
"https://github.com/rust-av/flavors",
]